DETAILED ACTION



Response to Arguments 

1. Applicant's arguments filed September 9, 2005 have been fully considered but
they are not persuasive. 

The applicant has argued that it is not taught by the combination of Gasser and
Parker that "the presenter of credentials... presents to the recipient of credentials one or
more chains of group credentials that prove that presenter's membership in the nested
group". The examiner respectfully disagrees; the teachings of Gasser are relied upon
for disclosing of credentials that include nested groups with chains of group credentials,
see column 10, lines 19-55. The teachings of Parker are relied upon for disclosing of
credentials that contain user access rights and are organized by grouping (col. 2, lines
13-15, 24-25, and 30-31). These rights listed in the privilege attribute certificates indicate
which permissions the group of users is permitted. Parker further discloses that when
the user wishes to access target applications, the privilege attribute certificate is
presented to the particular application that lists the user's rights and a determination is
made whether those users are permitted to access those applications, see column 1,
lines 25-27 and 40-50.

It is argued by the applicant that neither Parker nor Gasser disclose submitting
proofs of group membership or group non-membership in the form of group certificates
or lists. The examiner disagrees; Gasser is relied upon for disclosing a group
membership list that lists the members of a group, see column 11, lines 13-15 and 30-35.
Gasser et al additionally discloses of denying access to a first group which is a
subgroup of a second group and only granting access to members of the second group
who do not derive their membership in the second group through their membership in
the first group, which is interpreted by the examiner as being non-membership, see
abstract and column 24, lines 19-40. The groups may contain certificates which have
been revoked and uncertified, indicating non-membership, see column 11, lines 9-15.

It is argued that Gasser or Parker fail to disclose "transmission to the server a
request including the one or more chains of group credentials that prove
membership in the nested group". The examiner respectfully disagrees, for it is
disclosed by Gasser of a presenter located at a client which makes a request,
transmitted across a network, for access to resources to a server controlling the system
resources, see column 4, lines 26-29 & 55-64 and column 21, lines 43-47 & 54-58.
Please refer above for the examiner's rebuttal pertaining to chains of group credentials
that prove membership in the nested group.

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-128 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gasser et al, U.S. Patent 5,220,604 in view of Parker, U.S. Patent 5,339,403. 

As per claims 1,23,45,59,73,87,101, and 115, it is disclosed by Gasser et al of
method, system, and sequence of program sequences (data signal embodied on a
carrier wave) for a user (presenter) located on a workstation (client) which makes a
request (transmitted across a network) for access to resources to a server (recipient)
containing (controlling) the system resources (col. 4, lines 26-29 & 55-64 and col. 21,
lines 43-47 & 54-58). The teachings consist of program sequences (computer data
signal embodied as carrier waves) that are to be executed by a CPU (processor)(col. 2,
lines 58-60). Members are listed in a certificate (credentials) that which is nested groups
that include subgroups (chains) that are certified (proven/validated entity
membership)(col. 10, lines 19-55). If a requesting user (presenter), located in the
group, is found in the resource's (services) access control list, then
access is granted (authorized) by making the resources available to the members (col.
4, lines 50-54, col. 10, lines 50-55 & 61-65, and col. 21, lines 54-58). The teachings of
Gasser et al disclose of presenting the credentials, but they need to be looked up for
comparison and the teachings are silent in disclosing of making the credentials
available to the group. It is disclosed by Parker of privilege attribute certificates
(credentials) that contain user access rights and are organized by grouping (col. 2, lines
13-15, 24-25, & 30-31). It would have been obvious to a person of ordinary skill in the art
at the time of the invention to have been motivated to apply means for listing user's
credentials for fast comparison to determine user's access rights. The teachings of
Parker recite of motivation by disclosing that a user only needs to be authenticated once
and the privilege attribute certificate (credential) can be used several times to access
different applications (col. 1, lines 28-34). It is obvious that the teachings of Gasser et
al would have found this beneficial in an attempt to speed up the process of accessing
multiple applications as is disclosed by Parker.

As per claims 2,13,24,35,46,53,60,67,74,81,88,95,102,109,116, and 123, Gasser 
et al teaches of signed certificates (credentials) that verify (proof of) group membership 
(col. 11, lines 29-31). 

As per claims 3,14,25,36,47,54,61,68,75,82,89,96,103,110,117, and 124, Gasser
et al teaches of signed certificates that verify group membership (col. 11, lines 29-31).

As per claims 4,15,26,37,48,55,62,69,76,83,90,97,104,111,118, and 125, Gasser
et al teaches of a group (membership) list that lists the members of a group (col. 11,
lines 13-15 & 30-35).

As per claims 5,16,27,38,49,56,63,70,77,84,91,98,105,112,119, and 126, Gasser
et al teaches of signed certificates (credentials) that verify (proof of) group membership
(col. 11, lines 29-31). Gasser et al discloses of denying access to a first group which is
a subgroup of a second group and only granting access to members of the second
group who do not derive their membership in the second group through their
membership in the first group (which is interpreted by the examiner as being
non-membership)(see abstract, col. 24, lines 19-40). Gasser et al notes that groups may
contain certificates which have been revoked and uncertified (indicating
non-membership)(col. 11, lines 9-15).

As per claims 6,17,28,39,50,57,64,71,78,85,92,99,106,113,120, and 127, Gasser
et al teaches of signed certificates that verify group membership (col. 11, lines 29-31).
Gasser et al discloses of denying access to a first group which is a subgroup of a
second group and only granting access to members of the second group who do not
derive their membership in the second group through their membership in the first group
(which is interpreted by the examiner as being non-membership)(see abstract, col. 24,
lines 19-40). Gasser et al notes that groups may contain certificates which have been
revoked and uncertified (indicating non-membership)(col. 11, lines 9-15).

As per claims 7,18,29,40,51,58,65,72,79,86,93,100,107,114,121, and 128,
Gasser et al teaches of a group which lists the members of a group (col. 11, lines
13-15 & 30-35). Gasser et al discloses of denying access to a first group which is a
subgroup of a second group and only granting access to members of the second group
who do not derive their membership in the second group through their membership in
the first group (which is interpreted by the examiner as being non-membership)(see
abstract, col. 24, lines 19-40). Gasser et al notes that groups may contain certificates
which have been revoked and uncertified (indicating non-membership)(col. 11, lines
9-15).

As per claims 8,19,30, and 41, Gasser et al discloses of a user (presenter)
located on a workstation (client) which makes a request (across a network) to a server 
(recipient) containing system resources (services)(col. 21, lines 43-47). 

As per claims 9,20,31, and 42, Gasser et al discloses of a user (presenter)
located on a workstation (client) which makes a request (across a network which is
on-line) to a server (recipient) containing system resources (services)(col. 21, lines 43-47).

As per claims 10,21,32, and 43, Gasser et al discloses of a user (presenter)
located on a workstation (client) which makes a request (across a network which is
on-line) to a server (recipient) containing system resources (services)(col. 21, lines 43-47).
Also disclosed is the use of determining if a certificate has been revoked (through
means of a revocation server)(col. 11, lines 7-8).

As per claims 11,22,33, and 44, Gasser et al discloses of a user (presenter)
located on a workstation (client) which makes a request (across a network) to a server 
(recipient) containing system resources (services)(col. 21, lines 43-47). 

As per claims 12,34,52,66,80,94,108, and 122, it is disclosed by Gasser et al of
method, system, and sequence of program sequences (data signal embodied on a
carrier wave) for a user (presenter) located on a workstation (client) which makes a
request (transmitted across a network) for access to resources to a server (recipient)
containing (controlling) the system resources (col. 4, lines 26-29 & 55-64 and col. 21,
lines 43-47 & 54-58). The teachings consist of program sequences (computer data
signal embodied as carrier waves) that are to be executed by a CPU (processor)(col. 2,
lines 58-60). Members are listed in a certificate (credentials) that which is nested groups
that include subgroups (chains) that are certified (proven/validated entity
membership)(col. 10, lines 19-55). If a requesting user (presenter), located in the
group, is found in the resource's (services) access control list, then
access is granted (authorized) by making the resources available to the members (col.
4, lines 50-54, col. 10, lines 50-55 & 61-65, and col. 21, lines 54-58). Also taught by
Gasser et al of a first group which is a subgroup of a second group and members of the
second group who do not derive their membership in the second group through their
membership in the first group (which is interpreted by the examiner as being
non-membership)(col. 24, lines 19-40). Gasser et al notes that groups may contain
certificates which have been revoked and uncertified (indicating non-membership)(col.
11, lines 9-15). The groups are only as secure as the entity that controls modification
access to the group list (col. 11, lines 13-15) and it is interpreted by the examiner that
access is provided to resources if they are non-members of a group since it is
non-secure as is recited by Gasser et al. The teachings of Gasser et al disclose of
presenting the credentials, but they need to be looked up for comparison and the
teachings are silent in disclosing of making the credentials available to the group. It is
disclosed by Parker of privilege attribute certificates (credentials) that contain user
access rights and are organized by grouping (col. 2, lines 13-15, 24-25, & 30-31). It would
have been obvious to a person of ordinary skill in the art at the time of the invention to
have been motivated to apply means for listing user's credentials for fast comparison to
determine user's access rights. The teachings of Parker recite of motivation by
disclosing that a user only needs to be authenticated once and the privilege attribute
certificate (credential) can be used several times to access different applications (col. 1,
lines 28-34). It is obvious that the teachings of Gasser et al would have found this
beneficial in an attempt to speed up the process of accessing multiple applications as is
disclosed by Parker.

Conclusion

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

5. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Christopher A. Revak whose telephone number is
571-272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-3:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 